Have you purchased food or beverages at Panera Bread Company lately? Then pay attention as a new class action lawsuit is seeking redress for a nationwide data breach that may have left millions of customers vulnerable to identity theft.

Six named plaintiffs filed the Panera data breach class action lawsuit in Illinois federal court earlier this month, claiming their personal identifying information was exposed to hackers and are alleging Panera needs to be held accountable.

According to the Panera data breach class action lawsuit, customers who created and used Panera’s My Rewards care or an internet or smart phone app called MyPanera to order Panera food products for pickup orders at any of Panera’s 2,000 nationwide restaurants may have been the victims of the data breach. This information includes names, credit and/or debit card account numbers, card expiration dates, card verification codes, emails, telephone numbers, and other demographic information.

Reportedly, Panera was warned that it had placed sensitive personal information of customers at risk but the company ignored the warning. On April 2, 2018 Krebs On Securityreported that Panera’s website had “leaked millions of customer records – including names, email and physical addresses, birthdays, and the last four digits of the customer’s credit card number – for at least eight months.

Additionally, the Panera data breach class action lawsuit states that to date, Panera has yet to take action since discovering the security breach to inform customers that their personal information may have been “negligently or recklessly exposed to hackers and/or unknown nefarious third parties.” The complaint goes on to contend that Panera failed to implement and maintain reasonable security procedures to proactively protect its customers’ information that was compromised in the data breach.

“As a direct and proximate result of Panera’s wrongful action and inaction and the resulting data breach, Plaintiffs and Class Members have been placed at an imminent, immediate, and continuing risk of harm from identity theft and identity fraud.”

Now, plaintiffs and Class Members will be required to spend time and resources to monitor to their credit reports and be on the lookout for fraud or identity theft, the complaint notes.

The named plaintiffs are seeking to represent a nationwide class of consumers, as well as statewide Classes, who purchased food or beverage items at Panera Bread Company using their credit or debit card. Among monetary damages, they are asking for equitable relief for Panera’s reported failure to issue “prompt, complete, and accurate disclosures” to customers about the data breach.